# HG changeset patch # User casties # Date 1423415340 -3600 # Node ID cf44d9e1a4a788c545827f19e13ee30d4a9f764e # Parent 475ab3d32630badf3be3c9c64fab1f6e37fdea1f let CORS be handled by Restlet 2.3 CorsFilter. diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Sun Feb 08 18:09:00 2015 +0100 @@ -54,10 +54,6 @@ */ public class AnnotatorAnnotations extends AnnotatorResourceImpl { - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET,POST,PUT,DELETE"; - } - /** * GET with JSON content-type. * @@ -67,7 +63,6 @@ @Get("json") public Representation doGetJSON(Representation entity) { logger.fine("AnnotatorAnnotations doGetJSON!"); - setCorsHeaders(); // id from URI /annotations/{id} String id = null; String jsonId = (String) getRequest().getAttributes().get("id"); @@ -164,8 +159,6 @@ @Post("json") public Representation doPostJson(Representation entity) { logger.fine("AnnotatorAnnotations doPostJSON!"); - // set headers - setCorsHeaders(); // do authentication TODO: who's allowed to create? Person authUser = getUserFromAuthToken(entity); @@ -219,7 +212,6 @@ @Put("json") public Representation doPutJSON(Representation entity) { logger.fine("AnnotatorAnnotations doPutJSON!"); - setCorsHeaders(); // id from URI /annotations/{id} String jsonId = (String) getRequest().getAttributes().get("id"); String id = decodeJsonId(jsonId); @@ -282,7 +274,6 @@ @Delete("json") public Representation doDeleteJSON(Representation entity) { logger.fine("AnnotatorAnnotations doDeleteJSON!"); - setCorsHeaders(); // id from URI /annotations/{id} String jsonId = (String) getRequest().getAttributes().get("id"); String id = decodeJsonId(jsonId); diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByResources.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByResources.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByResources.java Sun Feb 08 18:09:00 2015 +0100 @@ -49,14 +49,10 @@ * */ public class AnnotatorAnnotationsByResources extends AnnotatorResourceImpl { - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET"; - } @Get("json") public Representation doGetJSON(Representation entity) { logger.fine("AnnotatorAnnotatonsByResource doGetJSON!"); - setCorsHeaders(); // do authentication Person authUser = getUserFromAuthToken(entity); diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByTags.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByTags.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByTags.java Sun Feb 08 18:09:00 2015 +0100 @@ -48,14 +48,10 @@ * */ public class AnnotatorAnnotationsByTags extends AnnotatorResourceImpl { - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET"; - } @Get("json") public Representation doGetJSON(Representation entity) { logger.fine("AnnotatorAnnotatonsBytag doGetJSON!"); - setCorsHeaders(); // do authentication Person authUser = getUserFromAuthToken(entity); diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorGroups.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorGroups.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorGroups.java Sun Feb 08 18:09:00 2015 +0100 @@ -47,9 +47,6 @@ * */ public class AnnotatorGroups extends AnnotatorResourceImpl { - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET"; - } /** * GET with JSON content-type. @@ -63,7 +60,6 @@ @Get("json") public Representation doGetJSON(Representation entity) { logger.fine("AnnotatorGroups doGetJSON!"); - setCorsHeaders(); // get user from auth token (preferred) Person authUser = getUserFromAuthToken(entity); JSONArray results = null; diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java Sun Feb 08 18:09:00 2015 +0100 @@ -44,10 +44,9 @@ import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import org.restlet.data.Header; import org.restlet.data.Status; -import org.restlet.data.Header; import org.restlet.representation.Representation; -import org.restlet.resource.Options; import org.restlet.resource.ServerResource; import org.restlet.util.Series; @@ -76,10 +75,6 @@ private AnnotationStore store; - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET,POST"; - } - protected AnnotationStore getAnnotationStore() { if (store == null) { store = ((BaseRestlet) getApplication()).getAnnotationStore(); @@ -108,44 +103,6 @@ } /** - * Handle options request to allow CORS for AJAX. - * - * @param entity - */ - @Options - public void doOptions(Representation entity) { - logger.fine("AnnotatorResourceImpl doOptions!"); - setCorsHeaders(); - } - - /** - * set headers to allow CORS for AJAX. - */ - protected void setCorsHeaders() { - Series
responseHeaders = (Series
) getResponse().getHeaders(); - if (responseHeaders == null) { - responseHeaders = new Series
(Header.class); - getResponse().getAttributes().put("org.restlet.http.headers", responseHeaders); - } - responseHeaders.add("Access-Control-Allow-Methods", getAllowedMethodsForHeader()); - // echo back Origin and Request-Headers - @SuppressWarnings("unchecked") - Series
requestHeaders = (Series
) getRequest().getAttributes().get("org.restlet.http.headers"); - String origin = requestHeaders.getFirstValue("Origin", true); - if (origin == null) { - responseHeaders.add("Access-Control-Allow-Origin", "*"); - } else { - responseHeaders.add("Access-Control-Allow-Origin", origin); - } - String allowHeaders = requestHeaders.getFirstValue("Access-Control-Request-Headers", true); - if (allowHeaders != null) { - responseHeaders.add("Access-Control-Allow-Headers", allowHeaders); - } - responseHeaders.add("Access-Control-Allow-Credentials", "true"); - responseHeaders.add("Access-Control-Max-Age", "60"); - } - - /** * returns if authentication information from headers is valid. * * @param entity diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResources.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResources.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResources.java Sun Feb 08 18:09:00 2015 +0100 @@ -48,9 +48,6 @@ * */ public class AnnotatorResources extends AnnotatorResourceImpl { - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET"; - } /** * GET with JSON content-type. @@ -62,7 +59,6 @@ @Get("json") public Representation doGetJSON(Representation entity) { logger.fine("AnnotatorResources doGetJSON!"); - setCorsHeaders(); String jsonId = (String) getRequest().getAttributes().get("id"); if (jsonId != null) { diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorRestlet.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorRestlet.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorRestlet.java Sun Feb 08 18:09:00 2015 +0100 @@ -22,7 +22,11 @@ * #L% */ +import java.util.Arrays; +import java.util.HashSet; + import org.restlet.Restlet; +import org.restlet.engine.application.CorsFilter; import org.restlet.routing.Router; /** @@ -31,7 +35,7 @@ */ public class AnnotatorRestlet extends BaseRestlet { - public final String version = "AnnotationManagerN4J/Annotator 0.5.0"; + public final String version = "AnnotationManagerN4J/Annotator 0.5.1"; /* * (non-Javadoc) @@ -40,10 +44,9 @@ */ @Override public Restlet createInboundRoot() { - // this.authenticator = createAuthenticator(); Router router = new Router(getContext()); - + router.attach("/annotations", AnnotatorAnnotations.class); router.attach("/annotations/{id}", AnnotatorAnnotations.class); router.attach("/search", AnnotatorSearch.class); @@ -55,10 +58,19 @@ router.attach("/resources/{id}", AnnotatorResources.class); router.attach("/resources/{id}/annotations", AnnotatorAnnotationsByResources.class); router.attach("/", AnnotatorInfo.class); + //return router; + + // this.authenticator = createAuthenticator(); // authenticator.setNext(router); // return authenticator; - return router; + // handle Cross-Origin-Resource-Security headers + CorsFilter corsFilter = new CorsFilter(getContext(), router); + corsFilter.setAllowedOrigins(new HashSet(Arrays.asList("*"))); + corsFilter.setAllowedCredentials(true); + corsFilter.setNext(router); + return corsFilter; + } /* (non-Javadoc) diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java Sun Feb 08 18:09:00 2015 +0100 @@ -1,6 +1,3 @@ -/** - * Implements the "search" uri of the Annotator API. - */ package de.mpiwg.itgroup.annotations.restlet; /* @@ -51,10 +48,6 @@ */ public class AnnotatorSearch extends AnnotatorResourceImpl { - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET"; - } - /** * result for JSON content-type. optional search parameters: uri, user, limit, * offset, sortBy. @@ -65,7 +58,6 @@ @Get("json") public Representation doGetJSON(Representation entity) { logger.fine("AnnotatorSearch doGetJSON!"); - setCorsHeaders(); // do authentication Person authUser = getUserFromAuthToken(entity); logger.fine("request authenticated=" + authUser); diff -r 475ab3d32630 -r cf44d9e1a4a7 src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorTags.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorTags.java Sun Feb 08 16:57:42 2015 +0100 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorTags.java Sun Feb 08 18:09:00 2015 +0100 @@ -1,6 +1,3 @@ -/** - * ReST API for accessing groups in the Annotation store. - */ package de.mpiwg.itgroup.annotations.restlet; /* @@ -48,9 +45,6 @@ * */ public class AnnotatorTags extends AnnotatorResourceImpl { - protected String getAllowedMethodsForHeader() { - return "OPTIONS,GET"; - } /** * GET with JSON content-type. @@ -64,7 +58,6 @@ @Get("json") public Representation doGetJSON(Representation entity) { logger.fine("AnnotatorGroups doGetJSON!"); - setCorsHeaders(); String jsonId = (String) getRequest().getAttributes().get("id"); // String id = decodeJsonId(jsonId);